@mgraeber-rc
Created July 27, 2021 17:23
# Create a scratch directory as the destination for the drivers that would have failed to load due to WHQL enforcement.
mkdir Drivers
# After a reboot, list all drivers that would have failed WHQL enforcement (CodeIntegrity event ID 3082) and copy each unique file into the scratch directory.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3082 } |
    ForEach-Object { "C:$($_.Properties[1].Value)" } |
    Sort-Object -Unique |
    Get-ChildItem |
    Copy-Item -Destination .\Drivers\
# Get signer information for all the affected drivers
$DriverSigners = Get-SystemDriver -ScanPath .\Drivers\ -NoScript -NoShadowCopy
# Build WHQLPublisher allow rules for the WHQL-signed drivers. A WHQLPublisher rule only allows WHQL-signed drivers issued to that specific vendor, not every WHQL-signed driver.
$DriverPolicyRules = New-CIPolicyRule -DriverFiles $DriverSigners -Level WHQLPublisher
# Merge the generated rules with your existing base policy
Merge-CIPolicy -OutputFilePath Merged.xml -PolicyPaths .\DefaultWindows_Audit.xml -Rules $DriverPolicyRules
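Two checks worth running after the steps above, as an added example that is not part of the original gist: confirm which collected drivers actually carry the WHQL EKU on their signing certificate (only those will be covered by a WHQLPublisher rule), and list the signer rules that landed in Merged.xml. It assumes the .\Drivers\ folder and Merged.xml produced above exist; the function names are my own.

```powershell
# Added example, not from the original gist. Assumes .\Drivers\ and .\Merged.xml
# were produced by the steps above. 1.3.6.1.4.1.311.10.3.5 is the documented
# "Windows Hardware Driver Verification" (WHQL) EKU OID.
$WhqlEku = '1.3.6.1.4.1.311.10.3.5'

function Test-WhqlDriverSignature {
    # Report each collected driver's Authenticode status and whether the signer
    # certificate carries the WHQL EKU. A validly signed driver without that EKU
    # will not get a WHQLPublisher rule and needs another rule level or a
    # WHQL-signed build from the vendor.
    param([string]$Path = '.\Drivers\')
    Get-ChildItem -Path $Path -File | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate
        $hasWhqlEku = $false
        if ($cert) {
            $ekuExt = $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
            if ($ekuExt) {
                $hasWhqlEku = [bool]($ekuExt.EnhancedKeyUsages | Where-Object Value -eq $WhqlEku)
            }
        }
        [pscustomobject]@{
            Driver     = $_.Name
            Status     = $sig.Status
            Signer     = if ($cert) { $cert.Subject } else { $null }
            WhqlSigned = $hasWhqlEku
        }
    }
}

function Get-PolicySignerRule {
    # List the signer rules in the merged policy so you can confirm each new allow
    # rule is scoped to an EKU plus a specific OEM ID rather than to a root alone.
    param([string]$PolicyPath = '.\Merged.xml')
    [xml]$policy = Get-Content -Path $PolicyPath
    $policy.SiPolicy.Signers.Signer | ForEach-Object {
        [pscustomobject]@{
            RuleId = $_.ID
            Name   = $_.Name
            OemId  = $_.CertOemID.Value   # present only on WHQLPublisher-style rules
            HasEku = [bool]$_.CertEKU
        }
    }
}

Test-WhqlDriverSignature | Format-Table -AutoSize
Get-PolicySignerRule     | Format-Table -AutoSize
```

Any driver reported with WhqlSigned = False will not appear in the OemId column of the second table and still needs its own rule before enforcing the policy.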